DETAILED ACTION
Information Disclosure Statement 

1. The information disclosure statement (IDS) submitted on July 18, 2003 
has been entered. The submission is in compliance with the provisions of 37 CFR 1.97.
Accordingly, the information disclosure statement is considered by the examiner. 

Claim Rejections - 35 USC § 101 

2. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or 
any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and 
requirements of this title. 

3. Claims 15-19, 26-29, 44-48, 55-58 are rejected under 35 U.S.C. 101 
because the claimed invention is directed to non-statutory subject matter. 

Claim 15 recites steps of generating a time element; identifying a key 
identifier; generating a digital signature; generating a secure identifier as a function of 
the time element, the key identifier, the digital signature; and emitting the secure 
identifier. The steps do not perform the requested action. Claim 15 also recites a 
method step that needs no implementation on a computer. Thus, claim 15 does not 
recite any structure, i.e., machine to carry out the functions of all the recited steps. 
Therefore, claim 15 recites non-statutory subject matter. Claims 16-19 depend on claim 
15, therefore they are rejected with the same rationale applied against claim 15 above. 

Claim 26 recites steps of receiving a secure identifier, the secure identifier 
comprising a digital signature, a key identifier, and a time identifier; and verifying the 
secure identifier, verifying comprising: verifying that the public key identifier received 
corresponds to known information regarding the public key identifier received; and 
verifying the time identifier such that the time identifier received is within predetermined 
time tolerances. The steps do not perform the requested action. Claim 26 also recites 
a method step that needs no implementation on a computer. Thus, claim 26 does not 
recite any structure, i.e., machine to carry out the functions of all the recited steps. 
Therefore, claim 26 recites non-statutory subject matter. Claims 27-29 depend on claim 
26, therefore they are rejected with the same rationale applied against claim 26 above. 

Claim 44 has limitations that are similar to those of claim 15, thus it is
rejected with the same rationale applied against claim 15 above. Claims 45-48 depend 
on claim 44, therefore they are rejected with the same rationale applied against claim 15 
above. 

Claim 55 has limitations that are similar to those of claim 26, thus it is
rejected with the same rationale applied against claim 26 above. Claims 56-58 depend 
on claim 55, therefore they are rejected with the same rationale applied against claim 26 
above. 

b. Referring to claims 26-29, 44-48, 55-58:

i. These claims have limitations that are similar to those of 
claim 15, thus they are rejected with the same rationale applied against claim 15 above. 

Claim Rejections - 35 USC § 102 

4. The following is a quotation of the appropriate paragraphs of 35 
U.S.C. 102 that form the basis for the rejections under this section made in this Office 
action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

5. Claims 1-2, 4-19, 30-31, 33-48 are rejected under 35 U.S.C. 102(e) as 
being anticipated by Tello (US 6,463,537). 

a. Referring to claims 1, 30:
i. Tello teaches: 

(1) a processor [i.e., referring to Figure 1, the major 
functional components of a typical motherboard comprises a CPU 101 (column 6, 
lines 22-23). Furthermore, the security engine 123 of this invention comprises a 
microprocessor with internal RAM (random access memory) and flash memory 
125 and a scratch memory buffer 127 consisting of SRAM (Static Random Access 
Memory), a programming circuit 129 and independent battery backup circuit 131
(column 6, lines 40-45)]; 

(2) a clock coupled to the processor configurable to 
generate a time element [i.e., the programming circuit 129 is logically connected to 
the security engine microprocessor 123, the security engine scratch memory 127, 
and the smart card reader 133 through the smart card interface 135. The smart 
card interface 135 is shown in Figure 2 and is comprised of PA0 136, PB0 138,
PB1 140, PB2 142, PB3 149 and Reset 150 lines which have pull down resistors on
them, and Clock 152, Ground 154, and (Supply voltage) VCC 156 lines (column 6, 
lines 60-67)]; 

(3) a memory element coupled to the processor 
configurable to store a private key and public key information [i.e., also stored within 
the ROM are the same six encryption algorithms as are found in the flash memory 
of the security engine. The first is a public key based cryptographic algorithm 
that provides encryption and decryption for 48 and 64 bits of data (column 15, 
lines 5-10). The CK, which is stored in the internal memory of the smart card and 
the internal memory of the security engine, is used as an encryption key with an 
algorithm to encrypt or decrypt all communications after the first transfer of data 
between the security engine and the smart card (column 24, lines 31-35)]; 

(4) at least one actuator (e.g., a mechanism that puts 
something into automatic action, like battery backup circuit) coupled to the processor 
[i.e., the battery backup circuit 131 connected to the microprocessor 125 allows 
the security engine 123 to always have automatic power on during interrupts 
such as during manual resets and power failures. This also ensures a secure and 
proper shut down procedure. This same battery also supplies the SRAM of the 
scratch memory 127. The scratch memory 127 is connected to the security 
engine microprocessor 125 through two lines. These two lines control the flow of 
data and address. The amount of data flow can easily be increased through the 
addition of more SRAM. A power on/power off circuit is connected to the 
microprocessor and the computer power supply. This allows the security engine 
to automatically power on during the start up of the computer or after an interrupt
(column 6, lines 46-59)]; 

(5) a signature generator coupled to the processor 
operable to generate a digital signature, the digital signature being a function of the 
private key and the time element; and an emitter (e.g., having a capability to send) 
coupled to the signal generator operable to emit the secure identifier, the secure 
identifier comprising the digital signature, time element, and public key information [i.e., 
a 'personalized' computer with a unique encrypted digital signature which will
not boot up or recognize any data storage or communication peripheral devices
without a matching 'personalized' smart card containing a complementary
encrypted digital signature (see abstract). The flash memory of the security 
engine's microprocessor contains six encryption algorithms. One algorithm is 
used for the generation of the hash number from the personalized information 
entered by the holder of a smart card during the initial security set up. This hash 
number is used in the identification and authentication of the user of this 
invention (column 7, lines 63-67 through column 8, lines 1-2). Upon power up or 
interrupt of the computer, the modified BIOS takes control and allows the security 
engine microprocessor to look for, and if present, read from a smart card in the 
smart card reader which is logically connected to the security engine 
microprocessor. If the smart card and the computer have not been previously 
'personalized' a security setup procedure is initiated and a unique hash number
(digital signature) placed in the smart card during the initial set up of the security 
system and a complementary hash number similarly assigned to the security 
engine memory (column 5, lines 15-25). The level of access allowed is 
determined by the presence or absence of encrypted keys in the memory of the 
security engine which are required before any device driver can load and initialize 
and recognize its respective peripheral communication or data storage device. 
This enable and disable capability is achieved through the placement of 
enable/disable circuits between the peripheral device connector and its 
respective Bus. If the proper smart card is not present in the card reader, no 
device drivers will be loaded and the computer will not be operable (column 5,
lines 35-44). Also stored within the ROM are the same six encryption algorithms 
as are found in the flash memory of the security engine. The first is a public key 
based cryptographic algorithm that provides encryption and decryption for 48 
and 64 bits of data. This, and the same encryption algorithm stored in the 
security engine ensures that the initial data flowing between the smart card 
reader and the security engine microprocessor during the synchronization of 
communications is secure if intercepted (column 15, lines 6-13). In addition, 
Tello's invention also allows a 'personalized' computer system that contains this
invention to identify and authenticate another 'personalized' computer connected
to it in a network. In order to authenticate the identity of a second computer the 
first computer sends an identification request through application software which 
operates under the current operating system. This identification request is 
encrypted by a public key algorithm then forwarded through the network 
connection to the second computer (column 38, lines 21-29)]. 

b. Referring to claims 2, 31:
i. Tello teaches: 

(1) a random number generator coupled to the processor
to encrypt the digital signature [i.e., upon start up of the computer system, an
authentication procedure is executed by the microcircuit board in which identifies 
and authenticates the user through the verification of a smart card involving the 
comparison of encrypted keys created by the random number generator (column 
2, lines 55-59)]. 

c. Referring to claims 4, 33:
i. Tello teaches: 

(1) further comprising an input element coupled to the 
processor, the input element capable of receiving a personal identification number (PIN) 
[i.e., referring to Figure 1, keyboard, 117 and/or smart card reader, 133 are input 
elements]. 

d. Referring to claims 5, 34:
i. These claims have limitations that are similar to those of
claim 4, thus they are rejected with the same rationale applied against claim 4 above. 

e. Referring to claims 6, 35:
i. Tello teaches: 

(1) further comprising a display coupled to the processor, 
the display capable of displaying key identifiers [i.e., if a smart card is not present in 
the smart card reader a request to the user to insert a smart card is given via a 
display command sent to the BIOS 509 (column 25, lines 32-34). In addition, 
another command is sent to the BIOS to display the user identification set up 
screen 527. This screen displays a unique serial number assigned each security 
motherboard during its manufacture and allows the user to input personal 
information to be used to 'personalize' each computer and smart card 529
(column 25, lines 62-67)]. 

f. Referring to claims 7-8, 36-37:
i. Tello teaches: 

(1) wherein the secure identifier emitted is emitted as an 
audio tone or as an optical signal [i.e., the three main methods by which a user's 
claimed identity is verified are through the use of: 1.) something the individual 
knows such as a password or PIN (Personal Identification Number); 2.) something 
the individual possesses, such as a token--a magnetic stripe card or smart card
for example; and/or 3.) something unique to the individual, such as a biometric
characteristic--retina pattern or fingerprint for example (column 2, lines 1-8)].

g. Referring to claims 9-10, 38-39:
i. Tello teaches: 

(1) wherein the actuator is a push-button switch or a 
voice activated switch [i.e., three different lengths of communication are supported 
between the security engine microprocessor and the smart card reader. They are 
1 byte, 6 bytes and 8 bytes. This allows the invention to be compatible with 
several different types of smart cards and to also support other identification and 
authentication devices such as button memory and biometric readers (column 16,
lines 10-16)]. 

h. Referring to claims 11-13, 40-42:
i. Tello teaches: 

(1) wherein the public key information is a public key 
identifier; wherein the public key identifier is derived from the public key information;
wherein the public key information is the public key [i.e., this identification request is 
encrypted by a public key algorithm then forwarded through the network 
connection to the second computer. This request contains a request for selected 
identification data parameters which can be compared with the same parameters 
stored in a database of the requesting computer system. These parameters can 
include special identification codes that are stored in the Application area of the 
smart card. Upon receiving this request, the identification request is stored in the 
scratch memory buffer of the security engine and decrypted using the same 
public key algorithm as in the first computer, (column 38, lines 27-37)]. 

i. Referring to claims 14, 43:
i. Tello teaches: 

(1) wherein the digital signature is encrypted using a 
personal identification number (PIN) [i.e., if the smart card and the computer have 
not been previously 'personalized' a security setup procedure is initiated and a
unique hash number (digital signature) placed in the smart card during the initial 
set up of the security system and a complementary hash number similarly 
assigned to the security engine memory. The hash number calculations are 
based on a set of personal information provided by the holder of a particular 
smart card and thus each computer and smart card is uniquely 'personalized' for 
that user (column 5, lines 20-28)]. 

j. Referring to claims 15 and 44: 

i. These claims have limitations that are similar to those of claim
1, thus they are rejected with the same rationale applied against claim 1 above.

k. Referring to claims 16, 45:
i. Tello teaches:

(1) further comprising identifying a PIN, and wherein 
generating a digital signature is further a function of the PIN [i.e., the three main 
methods by which a user's claimed identity is verified are through the use of: 1.) 
something the individual knows such as a password or PIN (Personal 
Identification Number); 2.) something the individual possesses, such as a token-- 
a magnetic stripe card or smart card for example; and/or 3.) something unique to 
the individual, such as a biometric characteristic--retina pattern or fingerprint for
example (column 2, lines 1-8)]. 

l. Referring to claims 17-18, 46-47:

i. These claims have limitations that are similar to those of 
claims 7-8, thus they are rejected with the same rationale applied against claims 7-8 
above. 

m. Referring to claims 19, 48:
i. Tello teaches: 

(1) wherein the digital signature is derived from a private 
key [i.e., the security system involves the digital signing of adapter cards and 
ROM extensions for peripheral devices with the peripheral vendor's private key. 
During the ROM scan phase of the start up procedure of a computer, the BIOS 
compares a list of authorized public keys against the digital signatures of 
peripheral devices encountered during ROM scan. This requires that all 
approved peripheral devices be digitally signed with the vendor's private 
encryption key beforehand (column 4, lines 18-26)]. 

Claim Rejections - 35 USC § 103 

6. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for 
all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

7. Claims 3, 32, 20-29, 49-58 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Tello (US 6,463,537), and further in view of Akiyama et al (US 
5,784,464). 

a. Referring to claims 3, 23, 32:

i. Although Tello teaches a clock in Figure 2 and a timer 
(column 7, line 61) and number of data bits in cryptographic algorithm, Tello does not 
explicitly mention: 

(1) wherein the time element comprises a predetermined 
number of least significant bits of the time. 

ii. Whereas, Akiyama teaches: 

(1) The key update timer 17 is a timer for regulating a 
timing of processing in the key update processing unit 16, as shown in Figure 3. 

iii. It would have been obvious to a person having ordinary skill 
in the art at the time the invention was made to: 

(1) combine the teaching of Akiyama into Tello's system 
to provide a client authenticating system for making the identification data impossible to 
be used by a third party by dynamically creating identification data used for the 
authentication between the user (client) and the service provider both in a client system 
and in a service provider system (column 2, lines 11-16 of Akiyama). 

iv. The ordinary skilled person would have been motivated to: 
(1) combine the teaching of Akiyama into Tello's system 

to protect these systems and the data stored within them from unauthorized access and 
theft (column 1, lines 26-27 of Tello). 

b. Referring to claims 20, 26, 49, 55:
i. Tello teaches: 

(1) a receiver configurable to receive a secure identifier 
[i.e., the smart card interface circuit provides lines PA0, PB0, PB1, PB2, PB3, 
Clock, VCC, Ground and Reset which receive signals from an attached smart card 
reader 133. With communication lengths of 4, 6, and 8 bits available, the interface 
for different types of smart cards and other authentication and identification
devices is provided (column 7, lines 45-52)], the secure identifier comprising: 

(2) a digital signature, the digital signature comprising 
information derived from a private key, a public key identifier; and a time identifier [i.e., 
if the smart card and the computer have not been previously 'personalized' a
security setup procedure is initiated and a unique hash number (digital signature) 
placed in the smart card during the initial set up of the security system and a 
complementary hash number similarly assigned to the security engine memory 
(column 5, lines 19-25). The level of access allowed is determined by the 
presence or absence of encrypted keys in the memory of the security engine 
which are required before any device driver can load and initialize and recognize 
its respective peripheral communication or data storage device. This enable and 
disable capability is achieved through the placement of enable/disable circuits 
between the peripheral device connector and its respective Bus. If the proper 
smart card is not present in the card reader, no device drivers will be loaded and 
the computer will not be operable (column 5, lines 35-44). Also stored within the 
ROM are the same six encryption algorithms as are found in the flash memory of 
the security engine. The first is a public key based cryptographic algorithm that 
provides encryption and decryption for 48 and 64 bits of data. This, and the same 
encryption algorithm stored in the security engine ensures that the initial data 
flowing between the smart card reader and the security engine microprocessor 
during the synchronization of communications is secure if intercepted (column 
15, lines 6-13). In addition, Tello's invention also allows a 'personalized'
computer system that contains this invention to identify and authenticate another
'personalized' computer connected to it in a network. In order to authenticate the
identity of a second computer the first computer sends an identification request 
through application software which operates under the current operating system. 
This identification request is encrypted by a public key algorithm then forwarded 
through the network connection to the second computer (column 38, lines 21- 
29)]; and 

(3) a verifier configurable to verify the secure identifier
[i.e., Tello's invention also allows a 'personalized' computer system that contains
this invention to identify and authenticate another 'personalized' computer
connected to it in a network. In order to authenticate the identity of a second 
computer the first computer sends an identification request through application 
software which operates under the current operating system. This identification 
request is encrypted by a public key algorithm then forwarded through the 
network connection to the second computer (column 38, lines 21-29)], the verifier 
comprising: 

(4) memory comprising information corresponding to the 
public key information received and time tolerance information [i.e., also stored within 
the ROM are the same six encryption algorithms as are found in the flash memory 
of the security engine. The first is a public key based cryptographic algorithm 
that provides encryption and decryption for 48 and 64 bits of data (column 15, 
lines 5-10). The CK, which is stored in the internal memory of the smart card and 
the internal memory of the security engine, is used as an encryption key with an 
algorithm to encrypt or decrypt all communications after the first transfer of data 
between the security engine and the smart card (column 24, lines 31-35)]; 

(5) a key retriever coupled to the memory and 
configurable to retrieve a public key corresponding to the public key identifier [i.e., 
writing the retrieved identification data to the internal memory of the security 
engine microprocessor (column 46, lines 24-25)]; and 

(6) a time verifier (e.g., timer for verifying time) coupled to 
the memory and configurable to verify that the received time identifier falls within 
acceptable time tolerances [i.e., an interrupt line leads from the security engine 
microprocessor to various circuits which control the interrupt for the computer 
CPU, reset, on-off, detecting the presence of a smart card in the reader, and timer 
(column 7, lines 58-61)]. 

ii. Although Tello teaches a clock in Figure 2 and a timer
(column 7, line 61) and number of data bits in cryptographic algorithm, Tello does not 
explicitly mention: 

(1) time tolerance information.

iii. Whereas, Akiyama teaches: 

(1) The key update timer 17 is a timer for regulating a 
timing of processing in the key update processing unit 16, as shown in Figure 3. 

iv. It would have been obvious to a person having ordinary skill 
in the art at the time the invention was made to: 

(1) combine the teaching of Akiyama into Tello's system 
to provide a client authenticating system for making the identification data impossible to 
be used by a third party by dynamically creating identification data used for the 
authentication between the user (client) and the service provider both in a client system 
and in a service provider system (column 2, lines 11-16 of Akiyama). 

v. The ordinary skilled person would have been motivated to: 
(1) combine the teaching of Akiyama into Tello's system 

to protect these systems and the data stored within them from unauthorized access and 
theft (column 1, lines 26-27 of Tello). 

c. Referring to claims 21, 27, 56:
i. Tello teaches: 

(1) the secure identifier further comprises a PIN [i.e., the 
three main methods by which a user's claimed identity is verified are through the 
use of: 1.) something the individual knows such as a password or PIN (Personal 
Identification Number); 2.) something the individual possesses, such as a token--
a magnetic stripe card or smart card for example; and/or 3.) something unique to
the individual, such as a biometric characteristic--retina pattern or fingerprint for
example (column 2, lines 1-8)], and wherein the receiver is configurable to decrypt the 
digital signature using the PIN [i.e., all tasks involving a peripheral device pass 
through this address space and it is here that all encryption and decryption 
operations take place controlled by the security engine (column 9, lines 5-8)]. 

d. Referring to claims 22 and 51:
i. Tello teaches: 

(1) wherein the key retriever compares the public key 
identifier received to public key information stored in memory [i.e., when the registers 
are read from the smart card to determine the type of card is inserted, an encrypted 
code number is read from the register of the inserted smart card and decrypted by the 
security engine microprocessor using the public encryption key 475. This code is then 
compared to a table of smart card code numbers that are stored in flash memory in the 
security engine 477. From this comparison, the type of smart card can be ascertained. 
By default, all smart cards, with the exception of vendor smart cards, have the code for 
a 'new' card in the appropriate register location until changed through the set up
procedure (column 24, lines 46-56)]. 

e. Referring to claims 24-25, 28-29, 57-58:

i. These claims have limitations that are similar to those of 
claims 7-8, thus they are rejected with the same rationale applied against claims 7-8 
above. 

Conclusion 

8. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

a. Doyle et al (US 2002/0095587 A1) discloses a method, system, 
computer program product, and method of doing business by improving the security of 
transactions performed using smart cards, and also a card with an integrated biometric 
sensor (see abstract). 

Any inquiry concerning this communication or earlier 
communications from the examiner should be directed to Thanhnga (Tanya) Truong 
whose telephone number is 571-272-3858. 

If attempts to reach the examiner by telephone are unsuccessful, 
the examiner's supervisor, Kim Vu can be reached at 571-272-3859. The fax and 
phone numbers for the organization where this application or proceeding is assigned is 
703-872-9306. 

Any inquiry of a general nature or relating to the status of this
application or proceeding should be directed to the receptionist whose telephone 
number is 571-272-2100. 



TBT 

September 6, 2005 





